github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic_test.rego

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_only_use_strong_cryptographic_test.rego (about)

     1  package builtin.kubernetes.KCV0092
     2  
     3  test_validate_do_not_use_strong_cryptographic {
     4  	r := deny with input as {
     5  		"apiVersion": "v1",
     6  		"kind": "NodeInfo",
     7  		"type": "master",
     8  		"info": {"kubeletOnlyUseStrongCryptographic": {"values": ["aaa"]}},
     9  	}
    10  
    11  	count(r) == 1
    12  }
    13  
    14  test_validate_do_use_strong_cryptographic {
    15  	r := deny with input as {
    16  		"apiVersion": "v1",
    17  		"kind": "NodeInfo",
    18  		"type": "worker",
    19  		"info": {"kubeletOnlyUseStrongCryptographic": {"values": ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]}},
    20  	}
    21  
    22  	count(r) == 0
    23  }
    24  
    25  test_validate_do_use_strong_cryptographic_empty {
    26  	r := deny with input as {
    27  		"apiVersion": "v1",
    28  		"kind": "NodeInfo",
    29  		"type": "worker",
    30  		"info": {"kubeletOnlyUseStrongCryptographic": {"values": []}},
    31  	}
    32  
    33  	count(r) == 1
    34  }